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A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
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- Extensions of time may be available under the provisions of 37 CFR 1 .1 36(a). In no event, however, may a reply be timely filed 
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Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment See 37 CFR 1 .704(b). 

Status 

1)^ Responsive to communication(s) filed on 26 December 2006 . 
2a)D This action is FINAL. 2b)K This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) 03 Claim(s) 1-1 1.13-1 5.1 7-23 and 25-35 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) [3 Claim(s) 1-11. 13-15.17-23 and 25-35 is/are rejected. 

7) KI Claim(s) 12. 16. 24. 36 is/are objected to. 

8) Q Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) Q The specification is objected to by the Examiner. 

10) ^ The drawing(s) filed on 11 January 2002 is/are: a)^ accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1 .121 (d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) ^ Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)lEl All b)D Some * c)D None of: 

1 .£3 Certified copies of the priority documents have been received. 

2. Q Certified copies of the priority documents have been received in Application No. . 

3. Q Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 



Response to Appeal Brief 



Claims 1-36 are pending in the current application. 

In view of the Appeal Brief filed on 12/26/2006, PROSECUTION IS HEREBY 
REOPENED. A new ground of rejection is set forth below. 

To avoid abandonment of the application, appellant must exercise one of the following 
two options: 

(1) file a reply under 37 CFR 1.111 (if this Office action is non-final) or a reply under 37 
CFR 1.113 (if this Office action is final); or, 

(2) initiate a new appeal by filing a notice of appeal under 37 CFR 41 .3 1 followed by an 
appeal brief under 37 CFR 41 .37. The previously paid notice of appeal fee and appeal brief fee 
can be applied to the new appeal. If, however, the appeal fees set forth in 37 CFR 41 .20 have 
been increased since they were previously paid, then appellant must pay the difference between 
the increased fees and the amount previously paid. 

A Supervisory Patent Examiner (SPE) has approved of reopening prosecution by signing 

below: 
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Response to Amendments filed with the Appeal Brief 

With regard to the amendments filed 6/15/2006 made to traverse the 35 USC 101 
rejections applied to claims 21-25, 27, and 28, Examiner withdraws the previously made 35 USC 
101 rejections since Applicants have amended to ensure that the program is in fact on a storage 
medium, which as defined by page 35 of the specification, is tied to an article of manufacture. 

Allowable Subject Matter 

Claims 12, 16, 24, and 36 would be allowable if rewritten to overcome the rejection(s) 
under 35 U.S.C. 1 12, 2nd paragraph, set forth in this Office action and to include all of the 
limitations of the base claim and any intervening claims. 

The following is a statement of reasons for the indication of allowable subject matter: 
The cited prior arts of record taken singly, or in combination with one another, fail to disclose 
wherein the network identifier on the smart card is a MAC address. 

Claim Rejections - 35 USC § 112 

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

Claims 1-36 are rejected under 35 U.S.C. 1 12, second paragraph, as being indefinite for 
failing to particularly point out and distinctly claim the subject matter which applicant regards as 
the invention. 

As per claims 1,5-8,13-14, 29-3 1 : 
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It has been held that the recitation that an element is "operable to" or "configured to" 
perform a function is not a positive limitation but only requires the ability to so perform. It does 
not constitute a limitation in any patentable sense. In re Hutchison, 69 USPQ 138. It is noted 
that Applicants intended to use these terms for a broader scope, however Examiner would like 
some clarification on whether or not this is the case. If Applicants did not intend to claim that 
the elements are only "operable" or "configured" to perform some type of function, that 
language may be removed from the claims so that the limitations are given full weight. 
As per claims 1,7, 13, 21, 29-31, and 35: 

The phrase "key-key encryption" is mentioned in each of the claims listed, where 
although phrases in the claims are taken in light of the specification, the specification cannot be 
read into the claims. Furthermore, Examiner could not locate an exact definition for this term, 
only references to other synonyms on page 20 and therefore the scope of this term is not readily 
ascertained. In order to further treat these claims on their merits, the term "key-key encryption" 
is interpreted as any type of asymmetric key encryption, i.e. a public/private key pair. 
**Claims not specifically addressed are rejected by virtue of their dependency. 

Claim Rejections - 35 USC § 102 
I. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 
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II. Claims 1-6, 9-11, and 31-34 are rejected under 35 U.S.C. 102(e) as being fully 
anticipated by Danes et al., US Patent No. 6,108,789. 
As per claims 1 and 3 1 : 

Danes et al. teach a portable storage device comprising: storage, the storage configured to 
store a network identity for the processing unit and at least one encryption key (col. 4, lines 3-8 
and col. 6, line 65 - col. 7, line 5), and an access controller, the access controller being operable 
to control access to the storage by implementing key-key encryption (col. 8, lines 29-50; col. 9, 
lines 3-32; and col. 16, lines 65-67). 
As per claims 2 and 32: 

Danes et al. teach the portable storage device of claims 1 and 3 1 . Furthermore, Danes 
teach the portable storage device comprising at least one secure storage portion accessible only 
under the control of the access controller (col. 6, line 65 - col. 7, line 5 and col. 18, lines 1-20). 
As per claims 3 and 33: 

Danes et al. substantially teach the portable storage device of claim 2 and-32. 
Furthermore, Danes et al. teach the portable storage device wherein said at least one encryption 
key is held in said secure storage portion (col. 6, line 65 - col. 7, line 5). 
As per claims 4 and 34: 

Danes et al. substantially teach the portable storage device of claims 2 and 32. 
Furthermore, Danes et al. teach the portable storage device wherein at least one network security 
encryption key is held in said secure storage portion (col. 6, line 65 - col. 7, line 5). 
As per claim 5: 
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Danes et al. substantially teach the portable storage device of claim 2. Furthermore, 
Danes et al. teach wherein a file is configured in said secure storage portion (col. 9, lines 3-16). 
As per claim 6: 

Danes et al. substantially teach the portable storage device of claim 2. Furthermore, 
Danes et al. teach wherein one or more files containing information are configured in respective 
secure storage portions (col. 9, lines 3-16 and col. 17, lines 40-45). 
As per claim 9: 

Danes et al. teach the portable storage device of claim 2. Furthermore, Danes et al. teach 
wherein the storage in the portable storage device comprises random access memory, the secure 
storage comprising a part of the random access memory (col. 2, lines 22-32). 
As per claim 10: 

Danes et al. teach the portable storage device of claim 1. Furthermore, Danes et al. teach 
wherein the access controller is a programmed microcontroller (col. 9, lines 4-16). 
As per claim 1 1 : 

Danes et al. substantially teach the portable storage device of claim 1. Furthermore, 
Danes et al. teach wherein the portable storage device is a smart card (col. 2, lines 22-32). 

Claim Rejections - 35 USC § 103 
III. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 
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IV. Claims 7-8, 13-15, 17-23, 25-30, and 35 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Danes et al., US Patent No. 6,108,789 and further in view of Rubin et al., US 
Patent No. 5,809,140. 
As per claim 7 and 35: 

Danes et al. substantially teach the portable storage device of claims 2 and 31. 
Furthermore, Danes et al. teach wherein the access controller is operable to perform key-key 
verification of a request encrypted by a request key supplied from the processing unit (col. 14, 
lines 16-25). Furthermore, Danes et al. teach wherein the ISP must be authenticated via the NC 
client before allowing the ISP to write account information onto the smart card (col. 16, lines 48- 
66). 

Not explicitly disclosed is where, in response to the request key verifying correctly, to 
return to the processing unit an access key derived from said at least one encryption key to 
permit access to the secure storage portion. However, Rubin teaches establishment of a session 
key for smart cards for communications, where only a process on a given host has the ability to 
access, i.e. make requests to write/read information, the smart card (col. 6, lines 39-53). 
Therefore, it would have been obvious to a person in the art at the time the invention was made 
to modify the method disclosed in Danes et al. for the smart card to establish a session key with a 
host in order to allow only certain hosts access to the smart card and to use that session key for 
communications between the smart card and the host. This modification would have been 
obvious because a person having ordinary skill in the art, at the time the invention was made, 
would have been motivated to do so since Rubin suggests that creating a session key for 
communications each time a communication attempt is made ensures that a secret key is not 
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stored long-term to prevent it from being compromised and still yields a secure data transfer in 
col. 3, lines 7-16. 
As per claim 8: 

Danes et al. and Rubin et al. substantially teach the portable storage device of claim 7. 
Furthermore, Rubin et al. teach wherein the access controller is subsequently operable to respond 
to a command from the processing unit that is encrypted using the access key to access the 
secure storage portion (col. 6, lines 39-53). 
As per claims 13, 21, 29, and 30: 

Danes et al. substantially teach a processing unit, a control program for a processing unit, 
a microcontroller, and a server computer comprising: a device reader for reading the portable 
storage device (col. 4, lines 3-5), the portable storage device comprising storage containing an 
access controller, the storage holding a network identity for the processing unit and at least one 
encryption key (col. 4, lines 3-8 and col. 6, line 65 - col. 7, line 5), and the access controller 
being operable to control access to the storage by implementing key-key encryption (col. 8, lines 
29-50; col. 9, lines 3-32; and col. 16, lines 65-67) and the processing unit being operable to 
access a secure portion of the storage of the portable storage device by supplying a key- 
encrypted request to the access controller (col. 14, lines 16-25). Furthermore, Danes et al. teach 
wherein the ISP must be authenticated via the NC client before allowing the ISP to write account 
information onto the smart card (col. 16, lines 48-66). 

Not explicitly disclosed is where, in response to receipt of an access key from the access 
controller, being operable to send an encrypted command to access the content of the storage of 
the portable storage device. However, Rubin teaches establishment of a session key for smart 
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cards for communications, where only a process on a given host has the ability to access, i.e. 
make requests to write/read information, the smart card (col. 6, lines 39-53). Therefore, it would 
have been obvious to a person in the art at the time the invention was made to modify the method 
disclosed in Danes et al. for the smart card to establish a session key with a host in order to allow 
only certain hosts access to the smart card and to use that session key for communications 
between the smart card and the host. This modification would have been obvious because a 
person having ordinary skill in the art, at the time the invention was made, would have been 
motivated to do so since Rubin suggests that creating a session key for communications each 
time a communication attempt is made ensures that a secret key is not stored long-term to 
prevent it from being compromised and still yields a secure data transfer in col. 3, lines 7-16. 
As per claims 14 and 22: 

Danes et al. and Rubin et al. substantially teach claims 13 and 21. Furthermore, Rubin et 
al. teach wherein, in response to the return of an access key, the processing unit is operable to 
use the access key to encrypt a command for access to a secure storage in the portable storage 
device (col. 6, lines 39-53). 
As per claims 1 5 and 23: 

Danes et al. and Rubin et al. substantially teach claims 13 and 21. Furthermore, Danes et 
al. teach wherein the wherein the access controller is a microcontroller (col. 9, lines 4-16) 
portable storage device is a smart card and the device reader is a smart card reader (col. 2, lines 
6-7). 

As per claims 17, 25, and 27: 
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Danes et al. and Rubin et al. substantially teach claims 13 and 21. Furthermore, Danes et 
al. teach a service processor, the service processor being programmed to control reading of the 
portable storage device (col. 14 5 lines 16-25). 
As per claims 18 and 28: 

Danes et al. and Rubin et al substantially teach claims 17 and 27. Furthermore, Danes et 
al. teach wherein the wherein the access controller is a microcontroller (col. 9, lines 4-16). 
As per claims 19 and 20: 

Furthermore, Danes et al. teach wherein the wherein the access controller is a 
microcontroller (col. 9, lines 4-16) substantially teach claim 13. Furthermore, Danes et al. teach 
wherein the processing unit is a computer server or a rack mountable computer server (col. 16, 
lines 36-64). 
As per claim 26: 

Danes et al. and Rubin et al. substantially teach the control program of claim 21 . 
Furthermore, Danes et al. teach the control program on a carrier medium (col. 2, lines 1-21). 

* References Cited, Not Used 

The prior art made of record and not relied upon is considered pertinent to applicant's 

disclosure. 

1. US Patent No. 6,654,797 

2. US Patent No. 6,260,111 

The above references have been cited because they are relevant due to the manner in which the 
invention has been claimed. 
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Conclusion 



Any inquiry concerning this communication or earlier communications from the 



examiner should be directed to Nadia Khoshnoodi whose telephone number is (571) 272-3825. 
The examiner can normally be reached on M-F: 8:00-4:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on (571) 272-3865. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 




Nadia Khoshnoodi 
Examiner 
Art Unit 2137 
4/11/2007 
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